
Limit the user accounts that can connect through OpenSSH remotely


How to limit the user accounts that can connect through ssh remotely

  • Note: When you initially enable the SSH server, any user with a valid account can connect remotely. This can lead to security risks because password cracking tools exist that try common username/password pairs. This method helps restrict login access.
  • Keep a backup of the ssh server configuration file:
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.ORIGINAL
  • Edit the configuration file:
gksudo gedit /etc/ssh/sshd_config
  • Change the parameter:
PermitRootLogin no

This disallows the root user from connecting through SSH remotely.

  • Add the parameter:
AllowUsers <user1> <user2> ...

and specify the usernames (space separated) that can connect remotely.

NOTE: This will allow ONLY the users specified to connect. You may use wildcards here (example: j* will allow jsmith to connect but not fsmith).

  • You can also use:
DenyUsers <user1> <user2> ...

and specify, again using wildcards, users restricted from using SSH.

  • If you enable the OpenSSH server and you do not wish to enable any remote connections, you may add:
AllowUsers nosuchuserhere
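
Before relying on an edited file, it helps to see which accounts the PermitRootLogin, AllowUsers and DenyUsers lines above would admit. The script below is an added example, not part of the original page; the function names and the sample configuration are constructed for illustration. It assumes plain username patterns (no USER@HOST or "!" forms) and no Match blocks or group directives.

```shell
#!/bin/sh
# Added example. Assumes plain username patterns (no USER@HOST, no "!"
# negation) and no Match blocks or AllowGroups/DenyGroups lines.

# Print every value given to keyword $2 in file $1. Keywords are
# case-insensitive; commented-out lines never match.
directive_values() {
    awk -v key="$2" 'tolower($1) == tolower(key) { for (i = 2; i <= NF; i++) print $i }' "$1"
}

# Succeed if username $1 matches any following pattern ("*" and "?" wildcards).
matches_any() {
    name=$1; shift
    for pat in "$@"; do
        case $name in $pat) return 0 ;; esac   # unquoted $pat: wildcards active
    done
    return 1
}

# ssh_user_allowed CONFIG USER: exit 0 if USER may log in, 1 otherwise.
ssh_user_allowed() {
    cfg=$1; user=$2; rc=0
    set -f    # stop the shell expanding "*" against file names
    deny=$(directive_values "$cfg" DenyUsers)
    allow=$(directive_values "$cfg" AllowUsers)
    root=$(directive_values "$cfg" PermitRootLogin | head -n 1)  # first value wins
    if [ "$user" = root ] && [ "$root" = no ]; then
        rc=1    # PermitRootLogin no blocks root even if AllowUsers lists it
    elif [ -n "$deny" ] && matches_any "$user" $deny; then
        rc=1    # a DenyUsers match is checked before AllowUsers
    elif [ -n "$allow" ] && ! matches_any "$user" $allow; then
        rc=1    # AllowUsers present: everyone not listed is refused
    fi
    set +f
    return $rc
}

# Constructed sample configuration (not from a real host).
SAMPLE_CFG=$(mktemp)
trap 'rm -f "$SAMPLE_CFG"' EXIT
cat > "$SAMPLE_CFG" <<'EOF'
PermitRootLogin no
AllowUsers j* admin root
DenyUsers jdoe
EOF

for u in jsmith fsmith jdoe admin root; do
    if ssh_user_allowed "$SAMPLE_CFG" "$u"; then echo "$u: allowed"; else echo "$u: refused"; fi
done
```

To check a real file, call ssh_user_allowed /etc/ssh/sshd_config <user> and confirm that your own account is still admitted before closing the current session.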